
Auvik can log into my FortiGate firewall, but won't back up its configuration


If connectivity between the collector and a firewall goes through a VPN, you may experience issues getting the configuration backed up even though Auvik shows a green checkmark for SNMP and Login.

Auvik backs up the configuration on FortiGates by entering a command that tells the device to send its config file to the collector over FTP (File Transfer Protocol). When the firewall sends FTP traffic over a site-to-site VPN, it uses the IP address of the egress interface as the source IP in the packets. Most site-to-site tunnel interfaces don’t have an IP address assigned to them, so the FTP packets leave with a source IP of 0.0.0.0. Because site-to-site VPNs have access lists that limit which source and destination subnets are allowed through them, packets received over a tunnel with a source of 0.0.0.0 are denied.

In order to fix this issue, you need to assign an IP address to the tunnel interface that falls within the allowed IP ranges for the VPN.
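Before changing the interface, you can check a candidate address against the VPN's allowed ranges. The following is an added example, not part of the original article or of Auvik's or Fortinet's tooling; the function name `check_tunnel_source` and all subnets and addresses are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress

# Constructed sample values: replace with the ranges your VPN actually allows.
ALLOWED_SOURCES = ["192.168.10.0/24"]      # firewall-side subnets permitted through the tunnel
ALLOWED_DESTINATIONS = ["10.20.0.0/24"]    # collector-side subnets permitted through the tunnel
COLLECTOR = "10.20.0.15"                   # collector that receives the FTP upload

def check_tunnel_source(candidate, allowed_sources, collector, allowed_destinations):
    """Return the reasons the VPN access list would deny FTP traffic sourced
    from `candidate` and sent to `collector`; an empty list means permitted."""
    src = ipaddress.ip_address(candidate)
    dst = ipaddress.ip_address(collector)
    src_nets = [ipaddress.ip_network(n) for n in allowed_sources]
    dst_nets = [ipaddress.ip_network(n) for n in allowed_destinations]
    problems = []

    if src.is_unspecified:
        # The failure described above: an unnumbered tunnel interface
        problems.append("source is 0.0.0.0: tunnel interface has no IP assigned")
    else:
        matching = [n for n in src_nets if src in n]
        if not matching:
            problems.append(f"source {src} is outside the allowed source subnets")
        for n in matching:
            # Network and broadcast addresses are not usable as interface IPs
            if n.prefixlen < 31 and src in (n.network_address, n.broadcast_address):
                problems.append(f"source {src} is the network or broadcast address of {n}")

    if not any(dst in n for n in dst_nets):
        problems.append(f"collector {dst} is outside the allowed destination subnets")
    return problems

if __name__ == "__main__":
    for candidate in ("0.0.0.0", "172.16.0.1", "192.168.10.0", "192.168.10.254"):
        problems = check_tunnel_source(candidate, ALLOWED_SOURCES, COLLECTOR, ALLOWED_DESTINATIONS)
        print(candidate, "->", "permitted" if not problems else "; ".join(problems))
```

An empty result means the address is a usable choice for the tunnel interface as far as the VPN's access lists are concerned; it does not check whether the address is already in use elsewhere.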


If that doesn’t resolve your issue, or if your FortiGate doesn’t need to traverse a VPN to reach the collector, contact Auvik Support.
